Win a copy of Mastering Corda: Blockchain for Java Developers this week in the Cloud/Virtualization forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Bear Bibeault
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Stephan van Hulst
  • Jj Roberts
  • Carey Brown
Bartenders:
  • salvin francis
  • Frits Walraven
  • Piet Souris

JSTL setDataSource syntax secure or not?

 
Ranch Hand
Posts: 31
Netbeans IDE Tomcat Server Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
sometimes we write whole data source syntax in JSP page using JSTL with username and password. so is it secure or not?
for example:
<sql:setDataSource var="dataSource" driver="org.postgresql.Driver" url="jdbc:postgresql://localhost:5433/postgres" user="username" password="password" />

or how to reduce this type of secure syntax at jsp page?
 
Marshal
Posts: 67497
173
Mac Mac OS X IntelliJ IDE jQuery Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The JSP stays on the server and is never visible on the client -- so that's not an issue. However, anyone that has permission to view the files on the server can see this information. But it's no less secure in a JAP than in any other file.

P.S. Using the JSTL SQL tags in anything but "toy" code is not recommended.
 
Bartender
Posts: 1845
10
  • Likes 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If you are going to use the JSTL SQL tags, I would recommend setting up a JNDI DataSource on your server, and referencing that from the sql tag instead of coding the connection details onto every jsp page.

 
Bear Bibeault
Marshal
Posts: 67497
173
Mac Mac OS X IntelliJ IDE jQuery Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Indeed.

I usually use Hibernate in my data layer (about as far removed from the UI as it could possibly be), but if you are going to roll your own JDBC, get it out of the JSP pages and use a datasource as Stefan recommended.
 
Anand Gajjar
Ranch Hand
Posts: 31
Netbeans IDE Tomcat Server Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
ok. sir....i will try to do this.....thanks....
 
Die Fledermaus does not fear such a tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
reply
    Bookmark Topic Watch Topic
  • New Topic